Black Hat & The Wassenaar Arrangement

The Wassenaar Arrangement, as currently written, has the potential to significantly restrict and/or eliminate the depth and types of research curated by many members of our security community, especially those that collaborate internationally. For more than 17 years, Black Hat researchers have taken the stage to share their latest work and potential vulnerabilities in an effort to highlight trouble areas and ultimately help secure our most critical infrastructure and increasingly digitally connected lives.

We strongly support the open sharing of information security research internationally – no matter the venue - and encourage the community to review the Wassenaar Arrangement during the comment period on or before July 20, 2015.

Additionally, to continue these critical conversations around this significant piece of policy, Black Hat will offer a forum for sharing and collaboration at the upcoming Black Hat USA 2015 event. Join us for an interactive panel on August 6 where members of our community will dive into how the Wassenaar Arrangement will affect the larger security industry. What does the addition of "intrusion software" to the list of dual use controlled items mean for security research, bug bounty programs and our overall privacy?

We look forward to seeing you there.

Panel: How the Wassenaar Arrangement's Export Control of "Intrusion Software" Affects the Security Industry

When/Where: Thursday, August 6, 11:00-11:50 (Mandalay Bay BCD)

Abstract: In 2013, the group of countries that make up the Wassenaar Arrangement added "intrusion software" to the list of dual use controlled items. This rule has been implemented and enforced in different ways among participating countries since last year. The United States Government is currently working on how it will implement these rules. Much like the crypto wars of the 1990's, the ruling in its current form threatens to make some legitimate security work more difficult. This has the potential to raise the cost for defenders and lower the cost for attackers. Join us for a panel that brings together different members of our community to discuss their perspectives on these export regulations. The panel will include those involved in security research, bug bounty programs, and privacy.


  • Kim Zetter, Senior Writer, WIRED


  • Collin Anderson, Researcher,
  • Dino Dai Zovi, Mobile Security Lead, Square
  • Nate Cardozo, Staff Attorney, Electronic Frontier Foundation (EFF)
  • Katie Moussouris, Chief Policy Officer, HackerOne

Sustaining Partners